Add SkipChangeCipherSpec tests.
They pass, but this is an error case that is probably worth a test.
Change-Id: I37b2eec34a1781fa8342eea57ee4f9da81ce17ed
Reviewed-on: https://boringssl-review.googlesource.com/1257
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index ffa35db..d394b73 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -363,6 +363,11 @@
// SkipServerKeyExchange causes the server to skip sending
// ServerKeyExchange messages.
SkipServerKeyExchange bool
+
+ // SkipChangeCipherSpec causes the implementation to skip
+ // sending the ChangeCipherSpec message (and adjusting cipher
+ // state accordingly for the Finished message).
+ SkipChangeCipherSpec bool
}
func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 890a8a0..271355f 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -557,7 +557,9 @@
func (hs *clientHandshakeState) sendFinished() error {
c := hs.c
- c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+ if !c.config.Bugs.SkipChangeCipherSpec {
+ c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+ }
if hs.serverHello.nextProtoNeg {
nextProto := new(nextProtoMsg)
proto, fallback := mutualProtocol(c.config.NextProtos, hs.serverHello.nextProtos)
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index f177fc8..4c3d35a 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -569,7 +569,9 @@
func (hs *serverHandshakeState) sendFinished() error {
c := hs.c
- c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+ if !c.config.Bugs.SkipChangeCipherSpec {
+ c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+ }
finished := new(finishedMsg)
finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index e025859..e2de470 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -223,6 +223,27 @@
"-expect-next-proto", "bar",
},
},
+ {
+ name: "SkipChangeCipherSpec-Client",
+ config: Config{
+ Bugs: ProtocolBugs{
+ SkipChangeCipherSpec: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":GOT_A_FIN_BEFORE_A_CCS:",
+ },
+ {
+ testType: serverTest,
+ name: "SkipChangeCipherSpec-Server",
+ config: Config{
+ Bugs: ProtocolBugs{
+ SkipChangeCipherSpec: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":GOT_A_FIN_BEFORE_A_CCS:",
+ },
}
func doExchange(tlsConn *Conn, messageLen int) error {